
Firewall-cmd of Lesson 40

Hello 

Working on Firewall-cmd in Lesson 40. I do not understand why curl allows access to the web server from the local machine but not from a remote computer to the same URL. This is concerning because, in the LFCS exam, we will only have access to a single host terminal and so need a reliable way to test firewall rules.

Context:

firewall-cmd is configured to block http, https services and port 80. However, it forwards port 8080 to port 80:

root@SandBox1:~# firewall-cmd --list-all
public (default, active)
  interfaces: ens160
  sources:
  services: dhcpv6-client mysql ssh
  ports:
  protocols:
  masquerade: no
  forward-ports: port=8080:proto=tcp:toport=80:toaddr=
  icmp-blocks:
  rich rules:

Web server is running on port 80:

root@SandBox1:~# netstat -anp | grep apache2
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2424/apache2

Question:

Why does curl http://192.168.1.175 on the same host return a web page when port 80 is blocked? If I try to curl http://192.168.1.175 from a different computer, I get the expected behavior - Port 80: No route to host.

Best Regards

SMK
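An added example, not part of the original post and not firewalld's own code: a POSIX shell script that parses a zone dump in the `firewall-cmd --list-all` format shown above (embedded here as constructed input copied from that output) and reports the verdict for a remote client on a given TCP port. The service-to-port mapping is an assumption covering only the services in this dump; the script also encodes why the host's own curl succeeds: a connection the host makes to its own address 192.168.1.175 is delivered over the loopback interface, which firewalld accepts before any zone rule is consulted.

```shell
#!/bin/sh
# Constructed input: the zone as printed by `firewall-cmd --list-all` above.
ZONE_DUMP='public (default, active)
  interfaces: ens160
  sources:
  services: dhcpv6-client mysql ssh
  ports:
  protocols:
  masquerade: no
  forward-ports: port=8080:proto=tcp:toport=80:toaddr=
  icmp-blocks:
  rich rules:'

# Assumed service name -> TCP port table for the services in this dump
# (firewalld itself reads the real definitions from its services directory).
service_port() {
  case "$1" in
    ssh) echo 22 ;; mysql) echo 3306 ;; http) echo 80 ;; https) echo 443 ;;
    *) echo "" ;;
  esac
}

# zone_verdict PORT -> "accept", "forward:TOPORT" or "drop" for a remote client.
zone_verdict() {
  port=$1
  for svc in $(printf '%s\n' "$ZONE_DUMP" | sed -n 's/^ *services: *//p'); do
    if [ "$(service_port "$svc")" = "$port" ]; then echo accept; return 0; fi
  done
  for p in $(printf '%s\n' "$ZONE_DUMP" | sed -n 's/^ *ports: *//p'); do
    if [ "${p%/tcp}" = "$port" ]; then echo accept; return 0; fi
  done
  # forward-ports entries look like port=8080:proto=tcp:toport=80:toaddr=
  fwd=$(printf '%s\n' "$ZONE_DUMP" | sed -n 's/^ *forward-ports: *//p' \
        | tr ' ' '\n' | grep "^port=$port:proto=tcp:" \
        | sed 's/.*:toport=\([0-9]*\):.*/\1/')
  if [ -n "$fwd" ]; then echo "forward:$fwd"; return 0; fi
  echo drop
}

# client_verdict local|remote PORT: traffic the host sends to its own address
# arrives on lo, which firewalld accepts ahead of the zone rules, so the zone
# verdict only ever applies to a remote client.
client_verdict() {
  if [ "$1" = local ]; then echo accept; else zone_verdict "$2"; fi
}

client_verdict local 80    # accept  (what curl on SandBox1 sees)
client_verdict remote 80   # drop    (what the remote computer sees)
client_verdict remote 8080 # forward:80
```

To test the zone as a remote client would see it from a single host, the request has to enter through ens160 rather than lo, for example from a separate network namespace or a container with its own interface.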

Comments

  • dlwillson
    edited June 2017

    During the exam, you have access to your own machine, and you can test from there.

  • coop
    edited June 2017

    Hi:

    I don't actually know specific exam content (I'm not allowed to) but I would doubt firewalld stuff is on the exam as firewalls are covered more thoroughly in LFS211 and are more appropriate in the LFCE exam, not LFCS.  Also, firewalld is still not as widely used and requires manual installation on some of the older systems the exam is given on as it was not yet in the packaging system.

    192.168.1.x is always a system on the local network; are all the systems you are talking about on the local network?  (192.168.1.x is a reserved address and not visible from the Internet).  Are you saying the firewall is not working when everything is on your workstation or laptop?  I'd have to check, but the OS/kernel is smart enough to sense such things (it does it for routing for example) and uses loopback networking etc.  But I don't off hand know about firewalls.  Can anyone comment?
